fake user signup

hi,
im using buddypress 1.2.7 and wordpress 3.2
i know its older version, but i think the problem is general.
people sign up to my websitehttp://www.artconx.net
even though i have a recapcha. some appeard in my users table without having confirmed their email and some “confirm” their email, even though the email looks fake. how can they sign up to my database without filling in the recaptcha or confirming their mail?
how can i prevent this?
thanks
yuval
p.s i would have loved to search the forum for a solution, but for some reason the search field always brings me to the homepage instead of search results.

== how can they sign up to my database without filling in the recaptcha or confirming their mail? ==
There is a possibility that your old BP1.2.7/WP3.2 installation has been hacked. I would start backing up DB and server files to your hard drive. See https://codex.wordpress.org/FAQ_My_site_was_hacked

== but for some reason the search field always brings me to the homepage instead of search results. ==
Yes we are aware of this and the issue will be resolved soon.